Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more
BakerHostetler is closely monitoring imminent cybersecurity threats to healthcare revenue cycle management personnel and vendors.
Most recently, Change Healthcare (CHC), a healthcare technology and business management...more
2/26/2024
/ Breach Notification Rule ,
Business Associates ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Popular ,
Technology ,
Third-Party Service Provider
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into vendor...more
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into vendor...more
On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a data breach involving Texas residents....more
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and...more
How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices.
Following the announcement of a recent settlement between the U.S. Department of...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more
Every tax season is plagued with scams to defraud individuals and companies for money from tax returns. However, this year has started off with a bang and this means that the healthcare industry has another reason to worry....more
3/14/2016
/ Data Breach ,
Email ,
Hackers ,
Health Care Providers ,
Identity Theft ,
IRS ,
Phishing Scams ,
Popular ,
Spoofing ,
Tax Fraud ,
Tax Returns
On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more
10/14/2015
/ Compliance ,
Corporate Fines ,
Corrective Actions ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Concerns ,
Security Risk Assessments ,
Security Rule
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more
6/12/2015
/ Attorney General ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Government Investigations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Medical Records ,
OCR ,
PHI
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more
2/9/2015
/ Anthem Insurance ,
Breach Notification Rule ,
Corporate Counsel ,
Data Breach ,
Employer Group Health Plans ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
PHI ,
Popular ,
Self-Insured Health Plans
Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
1/21/2013
/ Compliance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
HONI ,
Mobile Devices ,
OCR ,
Patient Confidentiality Breaches ,
PHI ,
Settlement
In This Issue:
- Healthcare Provisions in the American Taxpayer Relief Act - the Good, the Bad and the Ugly
- American Taxpayer Relief Act Amends Overpayment Recovery Time Limits
- OIG Advisory Opinion Sheds...more
1/14/2013
/ American Taxpayer Relief Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Breach ,
Electronic Medical Records ,
Fraud ,
Healthcare ,
OCR ,
OIG ,
Overpayment Recovery Time Limits ,
Pay-for-Performance ,
Reporting Requirements ,
Settlement
The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013....more
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more
The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information...more